What's a safe way to code for external php includes ?

[Dez]

Is there a safe way to do php includes from internal and external websites please? A way where the webhosts wouldn't need to worry?

[ralph.m]

As far as I know, internal includes are quite safe, and external ones are not available.

[Dez]

Thanks Ralph. Anyone know for definite?

[AnthonySterling]

include supports remote paths, but I'd be more comfortable if this was some sort of API. Do you have a use-case ?

[StarLion]

Mmmh.. include allows remote paths, but it should be pointed out this will NOT return PHP-execute script... it will just return the HTML result of the remote script. If it did, every PHP site in the world would be easily hackable.

[samanime]

As StarLion said, it's possible, but not how you may expect.

A use-case would definitely be helpful. There is very little reason not to use an API nowadays. They are incredibly easy to build (for simple things) and rather reliable.

[deathshadow60]

Meanwhile I'm not even sure I follow the question -- I'm assuming by 'external' you mean 'remote' and by 'internal' you mean 'local'?

NOT that 'remote' (as in off server) includes should even be ALLOWED.

[samanime]

I can see remote includes being allowed, but in the context of an intranet (though even then, I still prefer free-standing APIs to a complex mix of PHP files leaving on several servers).

[Dez]

I can see remote includes being allowed, but in the context of an intranet (though even then, I still prefer free-standing APIs to a complex mix of PHP files leaving on several servers).

Thanks to all for the help and ideas on this it's really appreciated. So, retrieving contents from an external website, is possible, but the only way to do it, is by API's - is that about right please? Or are there other ways? Use case?

[samanime]

The -only- way... no.

The way 99% of developers who know what they are talking about would recommend: yes.

Basically an API is meant for exactly that: joining two independent systems.

For example, I have a site which uses the logins from a different system. In order to authenticate, we have a web service (an API) which I call to ask that server for the information I want in order to know if I should let the user log in or not. Afterwards, I can ask it other things like information about that user.

[ralph.m]

As others have said, a use-case would be good (that is, a description of what you are trying to do here). I recently found out how easy it is to pull in data from an remote RSS feed (from another site) onto a page with PHP.